Joerg Schaefer wrote: > It seems, that Tomcat doesn't allow a "= " sign in the cookie value.
It is the cookie specs that doesn't allow unquoted '=' and Tomcat got stricter about enforcing the specs as a result of a couple of security vulnerabilities. > If there is a "=" it put the value into "" -signs. Yep - as per the spec. Values that contain '=' have to be v1 cookies and have to be quoted. > This problem occurs with Tomcat 6.0.18. The cookie changes started in 6.0.14 and caused various regressions. The 6.0.18+ behaviour (ie the auto switching to v1 cookies) was added to help those apps that used '=' in the value and couldn't easily fix this themselves. > Are there a workarounds available to disable this behavior? Your options are: 1) Have v0 cookies with '=' treated as invalid (use STRICT_SERVLET_COMPILANCE) 2) Have Tomcat automatically switch the cookie to v1 and add the quotes (the default) 3) Don't use '=' in cookie values (ie change your app) Mark --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
